Privacy Policy

Last updated: 7 May 2026

This privacy policy explains how gretahart.com ("this website"), operated by Greta Hart ("I", "me"), collects, uses, and protects your personal data. I take your privacy seriously and am committed to handling your information responsibly and in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data controller

The data controller for this website is Greta Hart. If you have any questions about how your data is handled, you can contact me at greta@gretahart.com.

2. What data I collect

When you use this website, the following personal data may be collected:

• Contact form submissions: Your name, email address, and the contents of your message, submitted voluntarily through the contact form.
• Cookies and similar technologies: Cloudflare Turnstile, used to protect the contact form from spam, may set cookies or use browser signals to verify that you are a real visitor. No tracking or advertising cookies are used on this site.
• Server logs: When you visit this website, your browser automatically sends technical information such as your IP address, browser type, and the pages you visit. This data is collected by the hosting provider for security and performance purposes.
• Font loading: This website uses Google Fonts, which are loaded from Google's servers. When a page loads, your browser connects to Google to retrieve the font files. Google may log this request, including your IP address. See Google's privacy policy for details.

3. Why I collect your data

I process your personal data for the following purposes:

• To respond to your enquiry: When you submit the contact form, I use your name and email address to reply to your message. The legal basis for this is your consent (GDPR Article 6(1)(a)), given when you voluntarily submit the form.
• To protect against spam: Cloudflare Turnstile is used to prevent automated or fraudulent form submissions. The legal basis is my legitimate interest in maintaining the security of this website (GDPR Article 6(1)(f)).
• To maintain the website: Server logs are processed by the hosting provider for security and uptime monitoring. The legal basis is legitimate interest (GDPR Article 6(1)(f)).

4. Third-party services

This website uses the following third-party services that may process your data:

• FormSubmit — processes contact form submissions and delivers them to my email. Your name, email, and message are transmitted through their service. See FormSubmit's privacy policy.
• Cloudflare Turnstile — provides spam protection for the contact form. It may collect technical data such as browser characteristics to verify visitors. See Cloudflare's privacy policy.
• Google Fonts — serves the typefaces used on this site. Your browser connects to Google's servers to load fonts. See Google's privacy policy.

No data is sold to third parties. No advertising or analytics tracking tools are used on this website.

5. Cookies

This website does not use advertising or analytics cookies. Cloudflare Turnstile may set functional cookies or use local storage to perform its spam verification. These are strictly necessary for the contact form to function and do not track you across other websites.

6. Data retention

Contact form submissions (your name, email, and message) are retained in my email inbox for as long as necessary to respond to and manage our correspondence. If you request deletion, I will remove your data within 30 days.

Server logs are retained by the hosting provider according to their own retention policies, typically no longer than 90 days.

7. Your rights under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data I hold about you.
• Right to rectification: You can ask me to correct any inaccurate data.
• Right to erasure: You can ask me to delete your personal data.
• Right to restrict processing: You can ask me to limit how I use your data.
• Right to data portability: You can request your data in a structured, machine-readable format.
• Right to object: You can object to processing based on legitimate interest.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, contact me at greta@gretahart.com. I will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk).

8. International data transfers

Some third-party services used on this website (FormSubmit, Cloudflare, Google) may process data outside the EEA, including in the United States. These providers rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of data protection.

9. Security

I take reasonable measures to protect your data, including using HTTPS encryption on this website and spam protection on the contact form. However, no method of transmission over the internet is completely secure.

10. Children's privacy

This website is not directed at individuals under the age of 16. I do not knowingly collect personal data from children. If you believe a child has submitted data through this website, please contact me and I will delete it promptly.

11. Changes to this policy

I may update this privacy policy from time to time. Any changes will be posted on this page with an updated date. I encourage you to review this page periodically.

12. Contact

If you have any questions about this privacy policy or how your data is handled, please contact me at greta@gretahart.com.